Page 6 of 29 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-3721 – jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)

https://notcve.org/view.php?id=CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. Jenkins en versiones anteriores a 2.3 y LTS en versiones anteriores a 1.651.2 podría permitir a usuarios remotos autenticados inyectar parámetros de construcción arbitrarios en el entorno de construcción a través de variables del entorno. • http://rhn.redhat.com/errata/RHSA-2016-1773.html http://www.openwall.com/lists/oss-security/2024/05/02/3 https://access.redhat.com/errata/RHSA-2016:1206 https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11 https://www.cloudbees.com/jenkins-security-advisory-2016-05-11 https://access.redhat.com/security/cve/CVE-2016-3721 https://bugzilla.redhat.com/show_bug.cgi • CWE-17: DEPRECATED: Code •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-2149 – 3: logs from a deleted namespace can be revealed if a new namespace with the same name is created

https://notcve.org/view.php?id=CVE-2016-2149

Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. Red Hat OpenShift Enterprise 3.2 permite a usuarios remotos autenticados leer archivos de registro de otro espacio de nombre utilizando el mismo nombre que un espacio de nombre que haya sido eliminado cuando se crea un nuevo espacio de nombre. It was found that OpenShift Enterprise would disclose log file contents from reclaimed namespaces. An attacker could create a new namespace to access log files present in a previously deleted namespace using the same name. • https://access.redhat.com/errata/RHSA-2016:1064 https://access.redhat.com/security/cve/CVE-2016-2149 https://bugzilla.redhat.com/show_bug.cgi?id=1316267 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2160 – Privilege escalation when changing root password in sti builder image

https://notcve.org/view.php?id=CVE-2016-2160

Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permiten a usuarios remotos autenticados ejecutar comandos con privilegios de root cambiando la contraseña de root en una imagen builder sti. A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that executes commands within the container as root, allowing them to potentially escalate privileges. • https://access.redhat.com/errata/RHSA-2016:1064 https://bugzilla.redhat.com/show_bug.cgi?id=1316127 https://github.com/openshift/origin/pull/7864 https://access.redhat.com/security/cve/CVE-2016-2160 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-3711 – haproxy: Setting cookie containing internal IP address of a pod

https://notcve.org/view.php?id=CVE-2016-3711

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie. HAproxy en Red Hat OpenShift Enterprise 3.2 y OpenShift Origin permite a usuarios locales obtener la dirección IP interna de un pod leyendo la cookie "OPENSHIFT_[namespace]_SERVERID". An information disclosure flaw was discovered in haproxy as used by OpenShift Enterprise; a cookie with the name "OPENSHIFT_[namespace]_SERVERID" was set, which contained the internal IP address of a pod. • https://access.redhat.com/errata/RHSA-2016:1064 https://github.com/openshift/origin/pull/8334 https://access.redhat.com/security/cve/CVE-2016-3711 https://bugzilla.redhat.com/show_bug.cgi?id=1322718 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •